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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH{S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may bo available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply Is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this oommunication, even If timely fifed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)13 Responsive to communication(s) filed on 29 March 2007 . 
2a)[g| This action is FINAL. 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 1-23 and 27-31 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) !EI Claim(s) 1-23 and 27-31 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim{s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) KI The drawing(s) filed on 24 June 2003 is/are: a)[EI accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)\J All b)n Some * c)^ None of: 

1 Certified copies of the priority documents have been received. 

2, n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-23, and 27-31 are presented for examination; claims 1 , 11 , 22, 23, and 
27 independent. The Office acknowledges the cancellation of claims 24-26 and the 
addition of claims 28-31 . 



Claim Rejections - 35 USC § 101 

2. The Office has considered the amendments to the claims. The rejection under 
this statute is either withdrawn or moot due to the cancellation of the rejected claim. 

Claim Rejections - 35 USC §112 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



4. Claim 30 is rejected under 35 USC 112, second paragraph as being indefinite. 
Claim 30 recites the use of "5-triple information" which is not defined in the specification 
This is believed to be a typographical error and should read "5-tuple information". For 
Examination purposes, the claim shall be interpreted that the hash function is based on 
the 5-tuple information of the incoming packet. 



Claim Rejections - 35 USC § 103 

The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 
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Claims 1-5, 10-13, 18-23, and 27-31 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Zuk (US 2004/0030927) (which discloses the use of TCP/IP 
flows, see H 22 and Figure 3, and therefore inherently conforms to and includes the 
limitations of the previously cited RFC document Internet Protocol : RFC 791 ; DARPA 
Internet Program Protocol Specification; September 1981 hereinafter RFC) (Zuk also 
incorporates by reference Application no. 10/072,683, also known as US 2003/0154399, 
hereinafter '399) in view of Vairavan (US 2002/0083344). 

5. Referring to claim 1 , Zuk by way of RFC discloses a method for processing a 
fragmented packet within a firewalling device comprising: 

receiving fragments of the packet to the device (i.e. an inherent feature, 
othenA/ise the fragments would be unable to be reassembled) prior to processing of 
firewall policies at the firewalling device (i.e. session is classified after fragments are 
reassembled) (Zuk:Figure 4, ref. 402, 415); 

sorting the fragments according to the packet and order of the fragments (i.e. 
defragmentation) (Zuk:Figure 4); 

storing the fragments in association with the packet and in order (i.e. all the 
fragments associated with the packet or datagram would be stored in the same buffer) 
(RFC: pp. 27-29: 'An Example Reassembly Procedure': "the data from the fragment is 
placed in the data buffer according to its fragment offset and length") in a connection 
table (i.e. flow table 300); 
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collecting all the fragments to reconstitute the packet (i.e. the datagram is only 
sent to the next step if the fragment completes the datagram) (RFC: p. 27, U 4); and 

assembling the fragments in order to reconstitute the packet (RFC:p. 27: "if the 
fragment completes the datagram... then the datagram is sent to the next step in 
datagram processing"); and 

transferring the packet to the firewalling device to apply the firewall policies to the 
entire packet at one time (i.e. the fragments are reassembled, and then the policies are 
applied, thereby applying the firewalling policies to the entire packet) (Zuk: Figure 4, ref. 
415). 

Zuk does not explicitly disclose the use of an NT table and cross linking the NT 
and CT table. In analogous art, Vairavan discloses another firewalling device (i.e. 
packet processor 210) which includes a NAT table for translating packets from external 
to internal addresses and vice versa (H 60, 103, 104). It would have been obvious to 
one of ordinary skill in the art to combine the teaching of Vairavan with Zuk in order to 
provide NAT translation services by combining the packet processor of Vairavan with 
the security devices described in the flow table of Zuk which can include information 
such as address translation information (Zuk: ^ 22) which can be used by the processor 
of Vairavan to efficiently translate packets. By including the packet processor device as 
part of the security devices, this would cross link the NT and CT tables by storing a 
hash of the 5-tuple as used in Zuk ('399: ^ 93). It would have been obvious to one of 
ordinary skill in the art to combine the teaching of Vairavan with Zuk in order to provide 
an integrated, easily upgradeable networking device capable of interfacing with different 
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types of networks while still providing high performance networking functionalities such 
as protocol conversion, security maintenance, and inter/intra-network management 
within an enterprise environment as supported by Vairavan (If 16). 

6. Referring to claim 2, RFC discloses obtaining source and destination address 
information for the fragments, and determine if the source information of the fragments 
matches (i.e. construct BUFID based on source, destination, protocol, and identification 
and determine if a BUFID has been allocated, and if so, then insert fragment into 
position in the buffer) (p. 28). 

7. Referring to claim 3, RFC determines whether the fragments have a valid 
checksum (i.e. a fragment is inherently an IP datagram, and as such, behaves 
according to the protocol, thereby including, packet error correction procedures) (p. 3, H 
2). 

8. Referring to claim 4, RFC discloses obtaining packet (i.e. BUFID) and fragment 
identifiers (i.e. fragment offset, "FO", which provides where in the original datagram the 
fragment is supposed to go) (p. 28). 



9. Referring to claim 5, RFC discloses determining if any fragments needed to 
reconstitute the packet have not been stored (i.e. the packet is only set to the next step 
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if the fragment completes the datagram, otherwise the reassembly routine gives up 
control) (p. 27). 

10. Referring to claim 10, Zuk-Vairavan discloses the invention substantively as 
described above, however does not disclose overwriting one of the fragments with a 
subsequently received fragment, however this is a well known feature since memory is 
finite that data must inherently be rewritten at some point in time. By this rationale, 
"Official Notice" is taken that both the concepts and advantages of providing for 
ovenwiriting a fragment is well known and expected in the art. It would have been 
obvious to one of ordinary skill in the art to modify the system of Zuk-Vairavan in order 
to only need a finite size of memory. 

1 1 . Claims 11-13, and 1 8 are rejected for similar reasons as stated above. 

12. Referring to claims 19 and 20, RFC discloses that the fragments are physically 
stored in order within the buffer memory reserved (p. 27). It should also be noted that if 
data is stored physically contiguous, then it is inherently logically contiguously stored. 

1 3. Referring to claim 21 , RFC discloses that the fragments are IP version 4 packets 
(page 1 1 : Version "this document describes version 4"). 



14. Claims 22, and 23 are rejected for similar reasons as stated above. 
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1 5. Referring to claim 28, Zuk discloses storing an ART for a first packet of a 
connection to the firewall device and the hashing each of the packets to determine a 
table entry to forward the packet (i.e. the creation of a flow table of Zuk clearly ' 
demonstrates the Address Research Table since it is created for the first packet of a 
connection and is associated with the NT and CT as shown above) (Zuk: U 27). 

16. Referring to claim 29, Zuk discloses comparing information from each received 
packet to the previous received packet (i.e. the flow record is created upon the 
information gathered from the first packet, and since the hash Is created based off the 
infomriation in the subsequent packet to find the correlating flow record, it inherently 
checks this hash value against the hash value generated with the first packet, thereby 
comparing the information to a previous received packet) (1| 27). 

1 7. Referring to claims 30 and 31 , as shown above, Zuk discloses the hash value is 
a 5-tuple information, which includes public address information ('399: H 93). 

Claims 6-9, and 14-17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Zuk-Vairavan in view of Mogul et al (Path MTU Discoverv . RFC 
1191, November 1 990) (hereinafter Mogul). 
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18. Referring to claims 6 and 7, Zuk-Vairavan discloses the invention substantively 
as described in claim 5. Zuk-Vairavan do not specifically disclose determining if the 
collective fragments exceed a communication length threshold and if so, purging the 
fragments. In analogous art, Mogul discloses another data transferring system which 
discloses determining if a datagram is too large to be fonwarded without fragmentation 
(i.e. the packet as a whole exceeds the MTU of the link), the router will discard the 
packet (p. 3, section 2: "Protocol Overview"). It would have been obvious to one of 
ordinary skill in the art to combine the teaching of Mogul with RFC-Malagrino in order to 
reduce the fragmentation reassembly requirements of the host on the network of 
Malagrino by requiring that the packet be small enough such that reassembly will not be 
needed by the host, thereby reducing processing on the host. 

1 9. Referring to claims 8 and 9, RFC discloses starting a timer when a fragment is 
received, and checking whether all the fragments needed to reconstitute the packet 
have not been received to the firewalling device within a threshold time period (i.e. if the 
timer runs out, release reassembly resources) (p. 27, H 4). 

20. Claims 14-17 are rejected for similar reasons as stated above. 

Conclusion 

21 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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22. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

It is the Examiner's position that Applicant has not yet submitted claims drawn to 
limitations, which define the operation and apparatus of Applicant's disclosed invention 
in manner, which distinguishes over the prior art. As it is Applicant's right to continue to 
claim as broadly as possible their invention. It is also the Examiner's right to continue to 
interpret the claim language as broadly as possible. It is the Examiner's position that 
the detailed functionality (i.e. how the interconnections of the NT, CT, and ART tables 
are established, and how they are used in order to process the fragmented packet) that 
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allows for Applicant's invention to overcome the prior art used in the rejection, fails to 
differentiate in detail how these features are unique. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joseph E. Avellino whose telephone number is (571) 
272-3905. The examiner can normally be reached on Monday-Friday 7:00-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on (571) 272-3923. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Sen/ice Representative or access to the automated information 
system, call 8Q0-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Joseph E. Avellino, Examiner 
April 18, 2007 
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